Via: Seth Johnson
-------- Original Message --------
Subject: Extremadura (Spain) moves 100% to free software and open
standards
Date: Sun, 30 Jul 2006 15:28:43 í
From: Alberto Barrionuevo
To: FFII bxl
Hi all,
the regional Government of Extremadura, one of the most
advanced regions worldwide in the adoption and promotion of
FLOSS, has decided few days ago:
1) To adopt as official document formats OpenDocument (ISO 26300)
and PDF/A (ISO 19005-1:2005). The last one only for document that
have to preserve the printing aspect.
2) To migrate the whole administration IT infrastructure to
gnuLinex, the local Linux flavour based on Debian.
All that with a deadline of one year.
Further info:
http://www.archivodocumental.com/estandares/index.php?option=com_content&task=view&id=56&Itemid=38
(in Spanish but with all the links at the end)
http://localfoss.org/node/193 (English)
Translation of the press conference for the presentation of
the initiative:
Via: Sunil Abraham
Dear Friends,
Nice post of Ethan's blog which shows how hardware/software vendors can
compensate for poor engineering by using copyright law.
Cheers,
Sunil
http://www.ethanzuckerman.com/blog/?p=906
July 26, 2006
Derek Bambauer’s last Berkman fellows talk
Filed under: Berkman, Geekery — Ethan @ 11:52 am
Derek Bambauer is spending his last hours in Cambridge - literally -
giving a final presentation at the Berkman Center. The lunch ends at
1:30pm, and he’s off to Detroit at 2pm to start a new career teaching
intellectual property law at Wayne State law school. For his parting
shot, he previews a paper he’s writing with Phil Malone on how the law
currently limits - undesirably - software security research. He’s more
clear, at this stage of his research, about the problem than about its
potential solution.
Testing software and internet infrastructure for bugs and weaknesses,
finding potentially dangerous exploits, is, Derek suggests, exciting,
intellectually engaging and important to cyber-security as a whole.
(Simpson Garfinkel challenges this assertion later in the discussion…)
But it’s legally risky to get involved with this sort of testing - you
open yourself to civil law suits with large damage awards, and to
possible criminal charges that could include prison time. Derek argues
that the current state of regulation is hampering the state of computer
security research.
For a case study, Derek looks at Mike Lynn, a researcher for Internet
Security Systems. Lynn found what was described as “the holy grail” of
internet security bugs, a bug Cisco’s Internet Operating System which
allowed hackers to remotely damage Cisco routers, which have a
reputation for being impregnible. Lynn alerted Cisco, which issued a
patch… but Cisco wasn’t strongly pushing adoption, and Lynn believed
they were dragging their heels so as not to damage their reputation for
security.
So Lynn decided to present his results at the Black Hat conference in
Las Vegas in the summer of 2005, on behalf of ISS, his employer. Cisco
put strong pressure on ISS not to let Lynn make the presentation -
eventually, Lynn decided to resign from ISS and make the presentation
anyway. In the aftermath, Cisco threatened to sue Lynn claiming his
power point presentation violated copyright by presenting snippets of
copyrighted code. They further claimed that this information was a trade
secret. (The copyright argument is likely entirely bogus, Derek thinks -
this is a classic fair use scenario.)
Jennifer Granick acted as Lynn’s lawyer and negotiated a settlement -
Lynn wouldn’t release the specific exploit code, and Cisco would drop
the suit. In the grand scheme of things, it’s a “happy” outcome… though
Lynn did lose his job and had his life radically transformed. Derek
suggests that “you don’t need to win a case to be successful, you just
need to create a chilling effect.”
A second story adds a layer of complexity to the situation: Snowsoft, a
team of security researchers, were trying to get Hewlett Packard to
purchase their services. They discovered a buffer overflow in HP/UNIX,
and another researcher published the bug they found to theBugtraq list,
along with code to use the exploit. HP responded with their full wrath,
threatening criminal extortion charges. Snowsoft found themselves in an
unusual situation - did HP want to prevent publication of this
information to protect their reputation? Or did they want to benefit
from Snowsoft’s discovery without compensating Snowsoft for their work?
In general terms, security researchers are multiply vulnerable. They can
run afoul of the DMCA, the Computer Fraud and Abuse act, intellectual
property laws surrounding copyright, patents, trademark and trade
secrets, and also copyright law, if reverse engineering violates the End
User License Agreement. In some cases, experimenting with systems could
cause vulnerability under tresspass or extortion laws. Derek argues that
the safe harbors to protect this sort of exploration are insufficient -
they’re narrow and untested in the courts.
And power is strongly on the side of software vendors - you’re breaking
their stuff, and most judges will conclude that they’ve got a right to
protect access to their property. As a result, it’s virtually impossible
to get third party insurance as a software tester. There’s major legal
risk without mitigating devices like insurance.
Derek acknowledges that there are debates within the security community
about the details of intrusion testing. When do you let a company know
you think you’ve found a vulnerability? When can you publish this
information? 30, 45 days after warning the company? If Sony in
installing rootkits on people’s machines, do you owe Sony anything
before revealing that they’re distributing malware?
The fear Derek is trying to tackle is that security testing moves
entirely underground - firms find weaknesses and sell them to the
eastern european Mafia rather than reporting and publishing them. To
prevent this, he explores some possibilities: making it harder for EULAs
to override fair use, to prevent reverse engineering; shifting the
burder on fair harbor provisions so the software companies must prove
that you’re outside of fair harbor; potentially creating a trade
association that allows a group of people to cooperate and ensure their
activities against liability.
Much of the interesting pushback on Derek’s presentation came from
Simpson Garfinkel, a security researcher and world-class skeptic. He
points out “some of the people who call themselves security researchers
are involved with extortion” - do we want to be encouraging people to
find key vulnerabilities in software when some of them are explicitly
doing so as a way of threatening and extorting companies?
Instead of trying to protect people creating exploits, Simpson believes
we should look closely at the fact that most software licenses protect
software companies from any and all liability. If Cisco could be sued
due to documented limitations and failures in their software, they’d
likely have a very different attitude about independent software testing
and would work closely with anyone who released a bug to get it patched
and limit liability.
Simpson’s other interesting idea involves patenting exploits - if you’ve
figured out a novel way to break software, patent it so other software
testing firms need to license it from you. He admits that this certainly
doesn’t stop the bad guys from using your techniques, but can create a
revenue stream for folks engaged in this industry other than extortion.
It will be interesting to see where Derek goes with this - it’s not
clear that the problems he sees are as clear to a critic like Simpson.
On the other hand, I think he’s made the case that there are instances
where independent software testing is desirable, which means wrestling
with these issues is likely to be worthwhile. I hope he’ll bring us up
to date the next time he comes to visit from Detroit. Bon chance, Derek!
Via: Jeebesh Bagchi
This case may interest some people on this list. b, j
http://www.forbes.com/business/businesstech/feeds/ap/2006/07/22/
ap2897439.html
Associated Press
Judge Orders Teen to Cancer Treatment
By SONJA BARISIC , 07.22.2006, 11:13 PM
A judge has ruled that a 16-year-old boy fighting to use alternative
treatment for his cancer must report to a hospital by Tuesday and
accept treatment that doctors deem necessary, the family's attorney
said.
The judge on Friday also found Starchild Abraham Cherrix's parents
were neglectful for allowing him to pursue alternative treatment of a
sugar-free, organic diet and herbal supplements supervised by a
clinic in Mexico, lawyer John Stepanovich said.
Jay and Rose Cherrix of Chincoteague on Virginia's Eastern Shore must
continue to share custody of their son with the Accomack County
Department of Social Services, as the judge had previously ordered,
Stepanovich said.
The parents were devastated by the new order and planned to appeal,
the lawyer said.
Stepanovich said he will ask a higher court on Monday to stay
enforcement of the order, which requires the parents to take Abraham
to Children's Hospital of the King's Daughters in Norfolk and to give
the oncologist their written legal consent to treat their son for
Hodgkin's disease.
"I want to caution all parents of Virginia: Look out, because Social
Services may be pounding on your door next when they disagree with
the decision you've made about the health care of your child,"
Stepanovich said.
Phone calls to the Cherrix home went unanswered.
The lawyer declined to release the ruling, saying juvenile court
Judge Jesse E. Demps has sealed much of the case.
Social Services officials have declined to comment, citing privacy laws.
After three months of chemotherapy last year made him nauseated and
weak, Abraham rejected doctors' recommendations to go through a
second round when he learned early this year that his Hodgkin's
disease, a cancer of the lymph nodes, was active again.
A social worker then asked a judge to require the teen to continue
conventional treatment. In May, the judge issued a temporary order
finding Abraham's parents neglectful and awarding partial custody to
the county, with Abraham continuing to live at home with his four
siblings.
Via: Prashant Iyengar
IIT law school opens doors
July 23: The countrys first intellectual property rights law school
opened at the Indian Institute of Technology, Kharagpur, today, with
authorities promising more in the days ahead.
The Rajiv Gandhi School of Intellectual Property Law will also operate
from the IITs Calcutta campus at Salt Lake before moving to the
institutes new complex at Rajarhat, scheduled to come up in 2008.
While the law school will kick off its current session with 55
students in its two programmes, it plans on ramping up the headcount
to 800 by 2011, with the Calcutta campus accommodating at least 300 by
2009.
Once we start introducing new courses, the student headcount will go
up sharply, said project leader K. Chakravarti.
There is a tremendous demand for lawyers specialising in intellectual
property in India and, therefore, we are confident there will be a
tremendous response to programmes on these lines, Chakravarti said.
The law school now offers two programmes: a six-semester, three-year,
full-time residential course for a bachelor of law degree with
specialisation in intellectual property rights, and a three-semester,
one-and-a-half year, part-time non-residential programme for a
postgraduate diploma.
We are currently offering the postgraduate diploma programme at
Calcutta only, but will introduce it in our Bhubaneswar campus next
year, as we feel that the demand is quite high in that part of the
country. Kharagpur, too, will have the diploma programme shortly,
Chakravarti said.
Next in line is an integrated six-year, dual degree B.Tech LL.B
programme, for which the human resource development ministry has
already given its approval. The law school also plans to introduce
LL.M and PhD programmes in the near future.
The funding for all the initiatives, including creation of physical
infrastructure, will come from the Union government, which has
promised to match (alumnus) Vinod Guptas pledge of $1 million. They
have been extremely enthusiastic about the project and have
fast-tracked it to its completion, said S. K. Dube, director, IIT
Kharagpur.
The IIT also signed a technical collaboration agreement (TCA) with
George Washington University (GWU) in January to facilitate student
and faculty exchange, joint research and curriculum development.
The TCA with GWU will soon place the Rajiv Gandhi School of
Intellectual Property Law among the top law schools of intellectual
property in the world.
No other institute teaches IPR law as a full-fledged course. We will
also teach law related to technology, which is also not taught
anywhere in India, said Probir Kumar Gupta, the law schools head.
Top
http://www.telegraphindia.com/1060724/asp/nation/story_6516590.asp
**
Via: Prashant Iyengar
Pirates of Caribbean gets a taste of piracy
Shriya Bubna / Mumbai July 24, 2006
Video piracy has punched holes in the Indian collections of Pirates of
the Caribbean: Dead Mans Chest, the latest offering from Hollywood to
release in the country.
The film has recorded the biggest ever opening weekend in the
Hollywood history, and may still miss out on several viewers as
pirated VCDs and DVDs of the movie have made their way to the local
black markets.
Thanks to the thriving pirates of Dubai as well as home-grown
fraudsters, pirated prints of the film flooded the market on the day
of the India release itself.
The bane of the movie - sequel to Pirates of the Caribbean: The Curse
of the Black Pearl - is its delayed release in India last Friday; it
opened globally on July 6.
Other recent Hollywood blockbusters released in India - the two
Spiderman movies, the Harry Potter series, Superman Returns - had
escaped a similar fate as their release in India coincided with their
global opening.
Bollywood pegs the losses in revenue due to piracy at Rs 1,700 crore a
year. As many as 70 per cent of the market is serviced by piracy while
only 30 per cent is serviced by legitimate products.
The Motion Pictures Association of America (MPAA), consisting of the
six big Hollywood studios, loses an estimated Rs 375 crore in revenue
to piracy each year in India.
While the cost of a pirated CD may be only Rs 50, pirates operate on a
profit margin of nearly 800 per cent since the CDs are copied.
Via: Shekhar Krishnan
OBSERVE "MUMBAI IN WHITE" ON 26 JULY 2006!
College students, and all citizens of Mumbai!
Wear white on July 26th. White for peace and a memorial to the dead.
If you wear uniform, or you don't own anything white, wear a white
band!
The seven blasts on suburban trains on July 11 shocked Mumbai and the
world. Yet Mumbaikars not only kept calm, they went out of their way to
help the injured and the families of the dead. Despite Mumbai's
inherently cosmopolitanism and its peaceful character, we must actively
take measures to ensure that this spirit of resilience and generosity
endure. There are always communal elements that will try to vitiate the
atmosphere by attempting to target innocents.
Mumbai needs to stand together and defeat the attempts of terrorists and
communal forces to grind down the city's sense of unity. We must make
certain that no more innocent lives are lost.
Colleges and citizens' organisations of all hues and sectors have united
to urge that we observe July 26, the first anniversary of the floods in
which 447 Mumbaikars lost their lives, as a day on which to say "Salaam
Mumbai". We appeal to every citizen to wear white on WEDNESDAY 26 JULY
2006, to work, to go anywhere, in memory of those who lost their lives
in the blasts as well and to express their commitment to peace.
On that day, students from more than 30 city colleges in Mumbai will
read a Pledge of Peace in all colleges at 3.00 P.M. exactly. There will
also be two public meetings at colleges held at 2.30 P.M.
1. National College, Linking Road, Bandra (West), Mumbai 400051
2. Burhani College, Nesbitt Road, Mazgaon, Mumbai 400010
We request colleges, organisations, NGOs, offices, temples, churches and
mosques to please spread the word. Please come to the public meetings
and read the pledge of Peace wherever you are. Please remember to wear
white on that day!
Dr Subadra Anand
Principal, National College, Bandra
+91.22.2646.1424
Dr. Sabira Dossa
Principal, Burhani College
Ms Ferrukh S. Waris
Burhani College
+91.22.2371.2449, +91.93234.69013
Representatives of all colleges in Mumbai
Varsha Rajan-Berry
Peace Mumbai
+91.22.5582.1141/51, +91.98206.03704
Via: Clifton
Dear All,
Aalternative Law Forum (ALF) and People's Union of Civil Liberties (PUCL-K) would like invite you to the Book release of 'Scarred', by Dionne Bunsha. Dionne Bunsha has been covering the Gujarat pogroms and its aftermath and the collection of her writings go to make up this very important book.
For the occasion we thought it would be useful to reflect on the situation, four years after Gujarat also in the context of the rapidly changing situation in Karnataka.For this we have a panel comprising:
Dionne Bunsha
Gauri Lankesh, Lankesh and Komu Souharda Vedike
Parvati Menon ( Frontline )
The discussion will be moderated by Clifton D' Rozario
Date : 21.007.06 at 6.00 pm
Place: Xavier's Hall, II Floor, Ashirwad, St Marks Road ( The small road next to the petrol bunk, Opposite SBI)
'Scarred' is an intense, moving narrative of the aftermath of the communal violence in Gujarat 2002, which etched deep faults in Gujarat's social landscape. It looks at both the larger as well as the closer picture to understand what happened in Gandhi's Gujarat.
"Beautiful... Scarred is not dark, it is one assured step inside the darkness, to explore the light... It's straight-forward, honest to the core, a reporter's authentic notebook on the scars that have refused to heal."
- Tehelka
